On Tue, Sep 06, 2011 at 01:02:14PM -0400, Alphonse Hansel Anthony wrote: > Hi, > What is the difference between chroot & pivot_root. > They don't seem obvious based on the man pages apart from the below > mentioned > caveats. > > 1) Inherited Open file descriptors, have to be explicitly closed. > 2) Does not change CWD of the process, which can be overcome by doing a > chdir before & after chroot call. > > Any information on this would be useful. I assume you are asking wrt the libvirt LXC driver, which uses pivot_root instead of chroot() when setting up the guest. The primary reason for this is that chroot() is escapable, where as pivot_root() is not. https://s3hh.wordpress.com/2011/05/31/escaping-chroots/ Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:| |: http://libvirt.org -o- http://virt-manager.org:| |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:|

Am Dienstag, 6. September 2011, 19:02:14 schrieb Alphonse Hansel Anthony: > Hi, > What is the difference between chroot & pivot_root. As far as I know, chroot changes only the effective root for one newly started process and all the child processes it will start in the future, leaving all other processes unaffected, while pivot_root changes the root for the entire system, killing all other processes.